CodeAccessPermission.Assert
Method

Definition

In This Article

Declares that the calling code can access the resource protected by a permission demand through the code that calls this method, even if callers higher in the stack have not been granted permission to access the resource. Using Assert() can create security issues.

Remarks

The call stack is typically represented as growing down, so that methods higher in the call stack call methods lower in the call stack. Calling Assert prevents a stack walk originating lower in the call stack from proceeding up the call stack beyond the code that calls this method. Therefore, even if callers higher on the call stack do not have the requisite permissions to access a resource, they can still access it through the code that calls this method on the necessary permission. An assertion is effective only if the code that calls Assert passes the security check for the permission that it is asserting.

Assert is ignored for a permission not granted because a demand for that permission will not succeed. However, if code lower on the call stack calls Demand for that permission, a SecurityException is thrown when the stack walk reaches the code that tried to call Assert. This happens because the code that called Assert has not been granted the permission, even though it tried to Assert it.

Caution

Because calling Assert removes the requirement that all code in the call chain must be granted permission to access the specified resource, it can open up security issues if used incorrectly or inappropriately. Therefore, it should be used with great caution.